默认情况下,网络服务帐户是否应该接收临时文件权限?
最近,我正在通过网络表单从 Crystal Reports 生成 PDF。 它失败了,我确定这是由 c:\windows\temp 目录上的权限设置引起的。 我授予网络服务帐户对此文件夹的完全访问权限,这立即解决了问题。 但是网络服务帐户默认情况下没有这些权限是否有原因?
Rick Strahl 在此处提出了这个问题。 听起来这样做应该不会有任何问题,但 Rick 不清楚为什么默认设置是这样的。
Web服务器是Windows Server 2003
Recently I was working with generating a PDF from Crystal Reports through a webform. It was failing, which I determined to be caused by the permissions settings on the c:\windows\temp dir. I gave the Network Service account full access to this folder, which promptly fixed the issue. But is there a reason the Network Service account didn't have these permissions by default?
Rick Strahl asks this question here. It sounds like there shouldn't be any issues with doing this, but Rick wasn't clear on why the default is set that way.
Web Server is Windows Server 2003
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
如今,默认选项往往是更安全的选项。 我认为没有其他原因。
我遇到了和你一样的问题,在我的环境中只是给予了许可并继续前进。
这篇文章建议这样做这是 Crystal Reports 的错误,它显式引用 %WINDIR%\Temp 而不是使用 Path.GetTempPath() 等 API。 事实上,我已经看到 Path.GetTempPath() 在 Windows 2003 上的网络服务帐户下运行时返回 %WINDIR%\Temp。
These days, the default option will tend to be the more secure one. I don't think there's any other reason.
I've had the same issue as you, and in my environment just gave the permission and moved on.
This post suggests it is the fault of Crystal Reports, which is explicitly referencing %WINDIR%\Temp instead of using an API such as Path.GetTempPath(). In fact I have seen Path.GetTempPath() return %WINDIR%\Temp when running under the Network Service account on Windows 2003.
这篇关于创建临时文件的帖子包含支持使用 Windows 临时文件夹的注释。
有关使用网络服务帐户的 msdn 文章指出“如果您的 ASP.NET 应用程序需要使用其他位置的文件或文件夹,则必须专门启用访问”这告诉我,对临时文件夹的默认限制不是因为临时文件夹被单独挑出来,而是因为除了默认情况下,IIS 根文件夹受到限制。
This post on creating temp files has comments that support using the windows temp folder.
An msdn article on using the Network Service account states that "if your ASP.NET application needs to use files or folders in other locations, you must specifically enable access" This tells me that the default restriction to the temp folder isn't because the temp folder was singled out, but that all other locations besides the IIS root folder are restricted by default.
%windows%\temp 不适合一般的临时工和呕吐。 很明显,Crystal Reports 正在滥用该目录。 当开发人员懒得用管理员帐户以外的任何东西启动他们的机器时,这种情况经常发生。
每个用户(包括网络服务)在文档和目录下都有自己的临时空间,具有完全访问权限。 设置。 获胜者不像 CR,而是使用自己的临时空间。
总之,win\temp上的默认权限是没有问题的。 我相信它只是为了 Windows 的内部运作而设计的。 (话又说回来,如果该目录从一开始就不存在,那么对所有相关人员来说会好得多。)
%windows%\temp is not for general temp'ing and barfing around. It is crystal clear that Crystal Reports is abusing that directory. This happens a lot when developers are too lazy to boot up their machines with anything but an admin account.
Every user (including Network Service) has their own temp space, with full access rights, under Documents & Settings. Winners don't act like CR, and use their own temp spaces.
In short, there is nothing wrong with default permissions on win\temp. I believe it is simply meant for Windows' internal workings. (Then again, it would be much better for everyone concerned, if that directory never existed in the first place.)